SECURITY THOUGHT LEADERS’ VIEWS

We asked the following leading security thought leaders: What can businesses do to help the security services and themselves to defeat terrorism?

• Don Randall, MBE, Chairman, City of London Crime Prevention Association
• Richard Morris, Commander, Metropolitan Police (at time of writing)
• Wayne Chance, Commander, City of London Police (at time of writing)
• Sir David Veness, CBE, QPM, Senior Advisor, Pilgrims Group Limited (at time of writing)
• Paul Eskriett, MBE, Security Adviser, QCIC
• Darren Carter, Head of Group Security, Edwardian Group London and Vice Chairman of Hotel Security Management
• Hagai M. Segal, Advisor, consultant and academic on geo-strategic risk & counter-terrorism
• Brian Simms, Media Solutions Manager, (UBM Live Security and Fire Portfolio) for IFSEC International

Don Randall, MBE, Chairman, City of London Crime Prevention Association

There is an obvious business imperative for robust security provision against all types of threat. We can see from the comments that follow, consensus is emerging on the most effective ways of implementing this provision.

The threat and reality of terrorism will never go away and we must continue to be vigilant, build resistance and recovery options. However, the threat from cyber crime is now top of the agenda for many businesses. We know that the proceeds from cyber crime can not only fund terrorism, but have the potential to make a catastrophic impact on an organisation.

In order for business to continue to prioritise cyber crime, board level focus is needed for this and all aspects of security. Understanding and commitment to security at a senior level is essential.

The role of partnership working has taken a significant step forward in the past decade. Since 9/11 the partnerships between law enforcement, the security services and business have grown in efficacy and influence and play a key role in defeating terrorism.

Project Griffin has reached its 10th year and has made a major contribution. It is public/private partnership at its best. The Cross-sector Safety and Security Communications (CSSC) initiative is now recognised as a significant advance in keeping business secure. The Building Security Accreditation scheme is another key initiative to encourage and recognise good security practices.

Clearly, there are practical steps that businesses can take. Timely and specific advice is available via your local police Counter Terrorism Security Adviser (CTSA) who provide a direct link to advice from the National Counter-Terrorism Security Office (NaCSTO).

Richard Morris, Commander, Metropolitan Police (at time of writing)

Businesses can do a lot to help the security services and to protect and prepare themselves to combat terrorism.

Many of the most effective protective security measures are the most simple to implement and instrumental in creating a healthy security culture.

First and foremost, to ensure that any security regime and contingency plans that are in place are regularly tested to ensure they are robust enough to cope with any anticipated incident or increase in threat.

Security staff, receptionists and front of house staff as well as all supervisors should recognise their role in deterring and disrupting the threat from both crime and terrorism.

Use team meetings to remind staff about the importance of being vigilant and reporting suspicious activity and behaviour and ensure they know how to do this. Also, ensure that each member of staff understands their specific roles in any security plan.

Simple good housekeeping always pays dividends – a thorough search of premises, both inside and out before, during and after opening hours can help to identify any issues, prevent false alarms and reduce the opportunity for any suspicious items to be left.

Regularly checking that all emergency exits are secured when not in use will prevent unauthorised entry and ensure no one is able to enter your premises bypassing any screening regime you have in place.

Remember that any evacuation routes and exits must be well defined, and evacuation plans should be exercised regularly.

CCTV can help clarify if any security alert is genuine and could be vital in any post-incident investigation. Ensure that the date and time stamps are accurate and the system you operate is well maintained. Check to make sure that the recorded images of people and vehicles are clearly identifiable and are retained for at least 31 days.

Further advice for can be found at www.nactso.gov.uk

Every Borough in London has a CT focus desk and it is the responsibility of officers who work within these desks to engage with their local businesses and, working together, deliver a range of CT protective security measures including Project Griffin, Project Argus, and arranging specialist advice when needed.

Wayne Chance, Commander, City of London Police (at time of writing)

Engaging with readily-available services is key to businesses protecting themselves against terrorism. In the City of London, as elsewhere, a dedicated, specialist team of police Counter Terrorism Security Advisers (CTSAs) delivers NaCTSO and bespoke advice, briefings and other products to all businesses who seek them. The aim is for businesses to understand the specific sources and nature of threat against them, and to help those businesses develop proportionate, realistic responses.

CTSAs work with the CPNI and other agencies and are key to the delivery of the UK’s protective security strategy on the ground. CTSA services are almost universally free of charge, and all are backed by many years experience of business needs, and the most up-to-date understanding of threats and how to mitigate them.

In the City of London, the CTSA team includes an Architectural Liaison Officer (ALO), advising developers, architects, and the City of London planning authority on crime and terrorism mitigation in the design of new developments.  By engaging with the ALO early in the design stage of a new site, developers can promote the safety of future occupiers and the wider community in the most efficient and cost-effective way.

Email CTS@cityoflondon.police.uk to find out how your CTSAs can help your business remain safe and productive.

Sir David Veness, CBE, QPM, Senior Advisor, Pilgrims Group Limited (at time of writing)

There has been a strategic shift in the balance between security provided by the public authorities and the totality of private sector security delivered

by the full span of industry. The critical importance of information technology is a key reason for the shift.

This provides an opportunity for greater mutual benefit between sectors.

The defensive concept of protecting critical national infrastructure (CNI), vital to national security, needs to be increasingly supplemented by greater proactivity

to achieve resilience on a wider horizon.

The UK is well placed to achieve this. There are now more sectors of CNI. The National Counter-Terrorism Security Office (NaCTSO) does excellent work on an even broader agenda including crowded places. There are many commendable public/private counter-terrorism partnership initiatives.

The Cross Sector Safety and Security project (CSSC) is a 2012 Olympic legacy success.

The helpful potential of business includes massive gearing of overall effort encompassing venues, employees, clients, customers, supply chains and neighbouring commercial enterprises. The entire private sector could also be more imaginatively allied with crime prevention messaging. The private sector gains by greater resilience derived from closer engagement.

The barriers are reticence and misunderstanding as to positive benefits. These are not insurmountable, but may require a defining event, preferably planned, to address the blockages and unleash greater protection for all.

Paul Eskriett, MBE, Security Adviser, QCIC

Looking forward there is no reason to believe that the terrorist threat has been defeated or declined. On the contrary, evidence from around the globe clearly shows that committed terrorists are still carrying out atrocities and large numbers of people are being killed in the name of terrorist causes.

In the UK, for many years, the emergency services, local authorities and businesses have worked in partnership to reduce the risks from terrorism and to ensure they are able to respond quickly and effectively should an incident occur. Many worthwhile partnerships have been formed and initiatives such as the CoLCPA, Project Griffin and Argus and the CSSC have been very effective.

In some businesses I visit the external partnerships are more obvious than the internal partnership between security, business continuity, IT and senior management. Given that one of the aims of each group is to reduce risks and ensure the business is able to continue functioning, even if subject to an attack, this seems an oversight. It is essential that these areas of business do not work in silos and communicate and exercise regularly if they are going to provide effective protection for the organisation.

The threat from terrorism is ever changing and security should be under constant review to ensure it meets the needs of the threat. It is only too easy for us to become complacent with the security we have. It is important that all security practices, procedures and equipment are independently reviewed.

An independent review by a suitably qualified company or person will provide a fresh perspective, uncluttered by historical cultural challenges.

Darren Carter, Head of Group Security, Edwardian Group London and Vice Chairman of Hotel Security Management

There appears to be no cause for optimism that we are witnessing a decline in acts of terror. Any such hopes were shattered within the first week of 2014 where 7 significant attacks reported 58 dead and 196 injured across the MEA region. The domestic outlook for the UK reports an ever present and significant risk. Regardless of which direction we focus our thoughts, we are acutely aware of the motivations and aims of terrorist groups whether they be affiliated to Islamic extremist groups or those which we consider much closer to home.

‘Productive partnerships’ are where we begin to build knowledge, awareness, resilience and capability. Whether creating plans, training or sharing and cascading information, co-operation with industry, both public and private sectors, should be a priority for any organisation. By productive I mean, of course, that they satisfy the need and are useful, not a talking shop which over-promises.

Active participation in projects such as Griffin and Argus has enabled organisations to become much more capable of identifying specific needs and building resilience into their operations. CSSC demonstrates a powerful example of a productive public /private partnership. Authoritative, timely and purposeful communication is essential for any business during a major event – if your business is not represented at CSSC then you should make it your business to ensure it is.

Hagai M. Segal, Advisor, consultant and academic on geo-strategic risk & counter-terrorism

My work with enterprises across the globe constantly demonstrates the urgent need for firms to assess whether their governance and structures have adapted to 21st-century security challenges.

For example, the most pressing security concern for many enterprises should be the threat of cyber intrusion, yet you might be amazed at how many of their Head of Security has never met their Heads of IT! An outdated concept limited to physical security alone prevails, with no role for other key functions of the business in the firm’s protection.

Such obsolete structures – and the mindsets perpetuating them – must be urgently addressed. The ‘all hazards defence’ should instead prevail – systems and structures must be adaptive, with constant reassessment of the assumptions underpinning them. And the reasons why have to be understood and implemented across the business – the threat environment is changing more dramatically than ever, and systems must be equally adaptive and fast-changing.

In today’s security environment inertia equals dangerous complacency.

The Board must thus take responsibility – concerted efforts need to be made to ensure internal understanding and commitment to have security and resilience/continuity functions feeding directly into Senior Management.

Public-Private cooperation is also vital. When the public and private sectors are brought together for collective benefit the results can be dramatic and of benefit to all – as recently demonstrated with the creation of Cross-sector Safety and Security Communications www.vocal.co.uk/cssc/.

Brian Simms, Media Solutions Manager, (UBM Live Security and Fire Portfolio) for IFSEC International

Terrorism is, of course, an ongoing and potentially serious threat to the business community. Physical or cyber-based attacks may be perpetrated for political and/or ideological reasons or perhaps financial gain. Whatever the underlying motive, terrorist episodes might be orchestrated on such a scale they could render businesses non-viable. Prevention of this latter scenario is the overriding aim. On that basis, businesses must do all they can to deter would-be terrorists. For one thing, security must always be a key focus for the Boardroom agenda and overall business planning.

The requirement for constant vigilance and a ‘security-cognisant’ approach is paramount. Here, senior management must set the tone. Measured thoroughly against the defined risks/threats, security needs to be realistic, appropriate and cost-efficient. Businesses have to keep security procedures regularly updated and, importantly, make staff fully aware of them. Talking to managers in nearby, like-minded organisations might help realise a common blueprint for Best Practice. As part of the UK’s ongoing national counter-terrorism planning, police services now include Counter-Terrorism Security Advisors among their number. Business leaders should contact their local CTSA as they can offer excellent advice in areas such as physical security design, risk assessments, business continuity and response to bomb threats.